您在生产企业环境中见过的最邪恶的代码是什么？

发布于 2024-07-11 19:37:52 字数 288 浏览 7 评论 0原文

您在公司生产环境中见过的最邪恶或最危险的代码片段是什么？我从未遇到过我认为是故意恶意和邪恶的生产代码，所以我很好奇看看其他人发现了什么。

我见过的最危险的代码是远离我们的核心生产数据库服务器两个链接服务器的存储过程。该存储过程接受任何 NVARCHAR(8000) 参数，并通过双跳转 sp_executeSQL 命令在目标生产服务器上执行该参数。也就是说，sp_executeSQL 命令执行了另一个 sp_executeSQL 命令，以便跳转两个链接服务器。哦，链接服务器帐户在目标生产服务器上具有系统管理员权限。

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

你丑哭了我 2024-07-18 19:37:52

警告：前面有一篇长篇可怕的文章

我写过一篇关于我之前开发过的应用程序的文章这里和在这里。简单来说，我的公司从印度继承了13万行垃圾。该应用程序是用 C# 编写的；这是一个柜员应用程序，与您每次去银行时柜员在柜台后面使用的软件相同。该应用程序每天崩溃 40-50 次，而且根本无法重构为工作代码。我的公司不得不在 12 个月的时间里重新编写整个应用程序。

为什么这个应用程序是邪恶的？因为看到源代码就足以让一个理智的人发疯，也让一个疯子变得理智。用于编写此应用程序的扭曲逻辑只能是受到洛夫克拉夫特式噩梦的启发。该应用程序的独特功能包括：

在 130,000 行代码中，整个应用程序包含 5 个类（不包括表单文件）。所有这些都是公共静态类。其中一个类称为 Globals.cs，其中包含数千个公共静态变量，用于保存应用程序的整个状态。这五个类总共包含 20,000 行代码，其余代码嵌入表单中。
你一定想知道，程序员是如何在没有任何类的情况下编写出如此大的应用程序的？他们用什么来表示他们的数据对象？事实证明，程序员仅仅通过组合 ArrayList、HashTable 和 DataTable，就成功地重新发明了我们所学过的有关 OOP 的一半概念。我们看到了很多这样的情况：
- 哈希表的数组列表
- 具有字符串键和 DataRow 值的哈希表
- 数据表的数组列表
- 包含 ArrayList 的 DataRows（其中包含 HashTable）
- DataRow 的数组列表
- ArrayList 的 ArrayList
- 具有字符串键和哈希表值的哈希表
- 哈希表的数组列表的数组
- 您能想到的所有其他 ArrayList、HashTable、DataTable 组合。
请记住，上面的数据结构都不是强类型的，因此您必须将从列表中获得的任何神秘对象转换为正确的类型。仅使用 ArrayList、HashTable 和 DataTable 就可以创建如此复杂的、类似 Rube Goldberg 的数据结构，真是令人惊奇。
为了分享如何使用上面详述的对象模型的示例，请考虑帐户：原始程序员为帐户的每个可想象的属性创建了一个单独的哈希表：名为 hstAcctExists、hstAcctNeedsOverride、hstAcctFirstName 的哈希表。所有这些哈希表的键都是“|” 分隔的字符串。可能的键包括“123456|DDA”、“24100|SVG”、“100|LNS”等。
由于可以通过全局变量轻松访问整个应用程序的状态，因此程序员发现没有必要将参数传递给方法。我想说 90% 的方法采用 0 个参数。在少数这样做的情况下，为了方便起见，所有参数都以字符串形式传递，无论字符串代表什么。
不存在无副作用的函数。每个方法都会修改 Globals 类中的 1 个或多个变量。并非所有副作用都有意义；例如，其中一种表单验证方法有一个神秘的副作用，即计算存储 Globals.lngAcctNum 的任何帐户的贷款超额付款和短缺付款。
虽然有很多形式，但有一种形式可以统治所有形式：frmMain.cs，其中包含多达 20,000 行代码。 frmMain 做了什么？一切。它查账、打印收据、发放现金，它无所不能。
有时需要其他形式来调用 frmMain 上的方法。为什么不直接调用代码，而不是将代码从表单中分解到单独的类中：
```
((frmMain)this.MDIParent).UpdateStatusBar(hstValues); 
  
```
为了查找帐户，程序员做了如下操作：
```
bool blnAccountExists = 
      新的 frmAccounts().GetAccountInfo().blnAccountExists 
  
```
尽管它已经创建了一个不可见的表单来执行业务逻辑，但您认为该表单如何知道要查找哪个帐户？这很简单：表单可以访问 Globals.lngAcctNum 和 Globals.strAcctType。（谁不喜欢匈牙利表示法？）
代码重用是 ctrl-c、ctrl-v 的同义词。我发现 200 行方法在 20 个表单中复制/粘贴。
该应用程序有一个奇怪的线程模型，我喜欢称之为线程和计时器模型：产生线程的每个表单都有一个计时器。每个产生的线程都会启动一个有 200 毫秒延迟的计时器；一旦计时器启动，它就会检查线程是否设置了一些魔法布尔值，然后它会中止线程。由此产生的 ThreadAbortException 被吞掉了。
您可能认为这种模式只会出现一次，但我在至少 10 个不同的地方发现了它。
说到线程，应用程序中从未出现过关键字“lock”。线程无需获取锁即可自由操作全局状态。
应用程序中的每个方法都包含一个 try/catch 块。每个异常都被记录并吞掉。
谁需要在打开字符串时打开枚举也同样容易！

一些天才发现您可以将多个表单控件连接到同一个事件处理程序。程序员是如何处理这个问题的？

private void OperationButton_Click（对象发送者，EventArgs e） 
  { 
      按钮 btn = (按钮)发送者; 
      if (blnModeIsAddMc) 
      { 
          添加McOperationKeyPress(btn); 
      } 
      别的 
      { 
          字符串 strToBeAppendLater = string.Empty; 
          if (btn.Name != "btnBS") 
          { 
              更新文本(); 
          } 
          if (txtEdit.Text.Trim() != "错误") 
          { 
              保存表单状态（）； 
          } 
          开关（btn.名称） 
          { 
              案例“btnC”： 
                  重置值（）； 
                  休息; 
              案例“btnCE”： 
                  txtEdit.Text = "0"; 
                  休息; 
              案例“btnBS”： 
                  if (!blnStartedNew) 
                  { 
                      字符串 EditText = txtEdit.Text.Substring(0, txtEdit.Text.Length - 1); 
                      DisplayValue((EditText == string.Empty) ? "0" : EditText); 
                  } 
                  休息; 
              案例“btnPercent”： 
                  blnAfterOp = true; 
                  if (GetValueDecimal(txtEdit.Text, out decCurrValue)) 
                  { 
                      AddToTape(GetValueString(decCurrValue), (string)btn.Text, true, false); 
                      decCurrValue = decResultValue * decCurrValue / intFormatFactor; 
                      DisplayValue(GetValueString(decCurrValue)); 
                      AddToTape(GetValueString(decCurrValue), string.Empty, true, false); 
                      strToBeAppendLater = GetValueString(decResultValue).PadLeft(20) 
                                                  + strOpPressed.PadRight(3); 
                      if (arrLstTapeHist.Count == 0) 
                      { 
                          arrLstTapeHist.Add(strToBeAppendLater); 
                      } 
                      blnEqualOccurred = false； 
                      blnStartedNew = true； 
                  } 
                  休息; 
              案例“btnAdd”： 
              案例“btnSubtract”： 
              案例“btnMultiply”： 
              案例“btnDivide”： 
                  blnAfterOp = true; 
                  if (txtEdit.Text.Trim() == "错误") 
                  { 
                      btnC.PerformClick(); 
                      返回; 
                  } 
                  if (blnNumPressed || blnEqualOccurred) 
                  { 
                      if (GetValueDecimal(txtEdit.Text, out decCurrValue)) 
                      { 
                          如果（操作（）） 
                          { 
                              AddToTape(GetValueString(decCurrValue), (string)btn.Text, true, true); 
                              DisplayValue(GetValueString(decResultValue)); 
                          } 
                          别的 
                          { 
                              AddToTape(GetValueString(decCurrValue), (string)btn.Text, true, true); 
                              显示值（“错误”）； 
                          } 
                          strOpPressed = btn.Text; 
                          blnEqualOccurred = false； 
                          blnNumPressed = false； 
                      } 
                  } 
                  别的 
                  { 
                      strOpPressed = btn.Text; 
                      AddToTape(GetValueString(0), (string)btn.Text, false, false); 
                  } 
                  if (txtEdit.Text.Trim() == "错误") 
                  { 
                      AddToTape("错误", string.Empty, true, true); 
                      btnC.PerformClick(); 
                      txtEdit.Text = "错误"; 
                  } 
                  休息; 
              案例“btnEqual”： 
                  blnAfterOp = false; 
                  if (strOpPressed != string.Empty || strPrevOp != string.Empty) 
                  { 
                      if (GetValueDecimal(txtEdit.Text, out decCurrValue)) 
                      { 
                          if (操作等于()) 
                          { 
                              DisplayValue(GetValueString(decResultValue)); 
                          } 
                          别的 
                          { 
                              显示值（“错误”）； 
                          } 
                          if (!blnEqualOccurred) 
                          { 
                              strPrevOp = strOpPressed; 
                              decHistValue = decCurrValue; 
                              blnNumPressed = false； 
                              blnEqualOccurred = true； 
                          } 
                          strOpPressed = string.Empty; 
                      } 
                  } 
                  休息; 
              案例“btnSign”： 
                  GetValueDecimal(txtEdit.Text, out decCurrValue); 
                  DisplayValue(GetValueString(-1 * decCurrValue)); 
                  休息; 
          } 
      } 
  }

同样的天才还发现了辉煌的三元运算符。以下是一些代码示例：

frmTranHist.cs [第 812 行]：

strDrCr = chkCredits.Checked &&   chkDebits.Checked ?   字符串.空 
                      : chkDebits.Checked ?   “D” 
                          : chkCredits. 已检查？   “C” 
                              ：“N”；

frmTellTransHist.cs [第 961 行]：

if (strDefaultVals == strNowVals && (dsTranHist == null ? true : dsTranHist.Tables.Count == 0 ? true : dsTranHist.Tables[0].Rows.Count == 0 ? true ： 错误的））

frmMain.TellCash.cs [第 727 行]：

if (验证(parPostMode == "ADD" ? true : false))

这是一个代码片段，演示了 StringBuilder 的典型误用。请注意程序员如何在循环中连接字符串，然后将结果字符串附加到 StringBuilder：

私有字符串CreateGridString() 
  { 
      字符串 strTemp = string.Empty; 
      StringBuilder strBuild = new StringBuilder(); 
      foreach（dgvAcctHist.Rows 中的 DataGridViewRow dgrRow） 
      { 
          strTemp = ((DataRowView)dgrRow.DataBoundItem)["Hst_chknum"].ToString().PadLeft(8, ' '); 
          strTemp +=“”； 
          strTemp += Convert.ToDateTime(((DataRowView)dgrRow.DataBoundItem)["Hst_trandt"]).ToString("MM/dd/yyyy"); 
          strTemp +=“”； 
          strTemp += ((DataRowView)dgrRow.DataBoundItem)["Hst_DrAmount"].ToString().PadLeft(15, ' '); 
          strTemp +=“”； 
          strTemp += ((DataRowView)dgrRow.DataBoundItem)["Hst_CrAmount"].ToString().PadLeft(15, ' '); 
          strTemp +=“”； 
          strTemp += ((DataRowView)dgrRow.DataBoundItem)["Hst_trancd"].ToString().PadLeft(4, ' '); 
          strTemp +=“”； 
          strTemp += GetDescriptionString(((DataRowView)dgrRow.DataBoundItem)["Hst_desc"].ToString(), 30, 62); 
          strBuild.AppendLine(strTemp); 
      } 
      strCreateGridString = strBuild.ToString(); 
      return strCreateGridString;//strBuild.ToString(); 
  }

表上不存在主键、索引或外键约束，几乎所有字段都是 varchar(50) 类型，并且 100 % 的字段可为空。有趣的是，位字段不用于存储布尔数据；而是用于存储布尔数据。相反，使用 char(1) 字段，并使用字符“Y”和“N”分别表示 true 和 false。

说到数据库，下面是存储过程的代表性示例：

更改过程 [dbo].[Get_TransHist] 
   （  
        @TellerID int = null， 
        @CashDrawer int = null， 
        @AcctNum bigint = null， 
        @StartDate日期时间=空， 
        @EndDate 日期时间 = null, 
        @StartTranAmt 小数(18,2) = null, 
        @EndTranAmt 小数(18,2) = null, 
        @TranCode int = null， 
        @TranType int = null 
   ） 
  作为  
        声明 @WhereCond Varchar(1000) 
        声明 @strQuery Varchar(2000) 
        设置 @WhereCond = ' ' 
        设置 @strQuery = ' ' 
        如果不是@TellerID 则为 null 
              设置 @WhereCond = @WhereCond + ' AND TT.TellerID = ' + Cast(@TellerID as varchar) 
        如果不是@CashDrawer则为null 
              设置 @WhereCond = @WhereCond + ' AND TT.CDId = ' + Cast(@CashDrawer as varchar) 
        如果不是@AcctNum则为null 
              设置 @WhereCond = @WhereCond + ' AND TT.AcctNbr = ' + Cast(@AcctNum as varchar) 
        如果不是@StartDate则为null 
              设置 @WhereCond = @WhereCond + ' AND Convert(varchar,TT.PostDate,121) >= ''' + Convert(varchar,@StartDate,121) + '''' 
        如果不是@EndDate则为null 
              设置 @WhereCond = @WhereCond + ' AND Convert(varchar,TT.PostDate,121) <= ''' + Convert(varchar,@EndDate,121) + '''' 
        如果不是@TranCode则为null 
              设置 @WhereCond = @WhereCond + ' AND TT.TranCode = ' + Cast(@TranCode as varchar) 
        如果不是@EndTranAmt则为null 
              设置 @WhereCond = @WhereCond + ' AND TT.TranAmt <= ' + Cast(@EndTranAmt as varchar) 
        如果不是@StartTranAmt则为null 
              设置 @WhereCond = @WhereCond + ' AND TT.TranAmt >= ' + Cast(@StartTranAmt as varchar) 
        如果不是（@TranType 为 null 或 @TranType = -1） 
              设置 @WhereCond = @WhereCond + ' AND TT.DocType = ' + Cast(@TranType as varchar) 
        --根据过滤条件获取柜员交易记录 
        设置@strQuery = '选择  
              TT.TranAmt 为[交易金额]，  
              TT.TranCode 为【交易代码】， 
              RTrim(LTrim(TT.TranDesc)) as [交易描述], 
              TT.AcctNbr 作为[帐号]， 
              TT.TranID 为[交易编号]， 
              Convert(varchar,TT.ActivityDateTime,101) as [活动日期], 
              Convert(varchar,TT.EffDate,101) as [生效日期], 
              转换（varchar，TT.PostDate，101）为[发布日期]， 
              转换（varchar，TT.ActivityDateTime，108）为[时间]， 
              TT.批次ID, 
              TT.项目ID, 
              isnull(TT.DocumentID, 0) 作为 DocumentID， 
              TT.出纳员姓名， 
              TT.CDId， 
              TT.ChkNbr, 
              RTrim(LTrim(DT.DocTypeDecr)) 作为 DocTypeDecr， 
              (CASE WHEN TT.TranMode = ''F'' THEN ''离线'' ELSE ''在线'' END) TranMode, 
              已分配YN 
        来自 TellerTrans TT 的 (NOLOCK) 
        DocType = DocumentType 上的 LEFT OUTER JOIN DocumentTypes DT with (NOLOCK) 
        WHERE IsNull(TT.DeletedYN, 0) = 0 ' + @WhereCond + ' 按 BatchId、TranID、ItemID 排序'     
        执行 (@strQuery)

尽管如此，这个 130,000 行应用程序的最大问题是：没有单元测试。

是的，我把这个故事发给了 TheDailyWTF，然后我就辞职了。

Warning: Long scary post ahead

I've written about one application I've worked on before here and here. To put it simply, my company inherited 130,000 lines of garbage from India. The application was written in C#; it was a teller app, the same kind of software tellers use behind the counter whenever you go to the bank. The app crashed 40-50 times a day, and it simply couldn't be refactored into working code. My company had to re-write the entire app over the course of 12 months.

Why is this application evil? Because the sight of the source code was enough to drive a sane man mad and a mad man sane. The twisted logic used to write this application could have only been inspired by a Lovecraftian nightmare. Unique features of this application included:

Out of 130,000 lines of code, the entire application contained 5 classes (excluding form files). All of these were public static classes. One class was called Globals.cs, which contained 1000s and 1000s and 1000s of public static variables used to hold the entire state of the application. Those five classes contained 20,000 lines of code total, with the remaining code embedded in the forms.
You have to wonder, how did the programmers manage to write such a big application without any classes? What did they use to represent their data objects? It turns out the programmers managed to re-invent half of the concepts we all learned about OOP simply by combining ArrayLists, HashTables, and DataTables. We saw a lot of this:
- ArrayLists of hashtables
- Hashtables with string keys and DataRow values
- ArrayLists of DataTables
- DataRows containing ArrayLists which contained HashTables
- ArrayLists of DataRows
- ArrayLists of ArrayLists
- HashTables with string keys and HashTable values
- ArrayLists of ArrayLists of HashTables
- Every other combination of ArrayLists, HashTables, DataTables you can think of.
Keep in mind, none of the data structures above are strongly typed, so you have to cast whatever mystery object you get out of the list to the correct type. It's amazing what kind of complex, Rube Goldberg-like data structures you can create using just ArrayLists, HashTables, and DataTables.
To share an example of how to use the object model detailed above, consider Accounts: the original programmer created a seperate HashTable for each concievable property of an account: a HashTable called hstAcctExists, hstAcctNeedsOverride, hstAcctFirstName. The keys for all of those hashtables was a “|” separated string. Conceivable keys included “123456|DDA”, “24100|SVG”, “100|LNS”, etc.
Since the state of the entire application was readily accessible from global variables, the programmers found it unnecessary to pass parameters to methods. I'd say 90% of methods took 0 parameters. Of the few which did, all parameters were passed as strings for convenience, regardless of what the string represented.
Side-effect free functions did not exist. Every method modified 1 or more variables in the Globals class. Not all side-effects made sense; for example, one of the form validation methods had a mysterious side effect of calculating over and short payments on loans for whatever account was stored Globals.lngAcctNum.
Although there were lots of forms, there was one form to rule them all: frmMain.cs, which contained a whopping 20,000 lines of code. What did frmMain do? Everything. It looked up accounts, printed receipts, dispensed cash, it did everything.
Sometimes other forms needed to call methods on frmMain. Rather than factor that code out of the form into a seperate class, why not just invoke the code directly:
```
((frmMain)this.MDIParent).UpdateStatusBar(hstValues);
```
To look up accounts, the programmers did something like this:
```
bool blnAccountExists =
    new frmAccounts().GetAccountInfo().blnAccountExists
```
As bad as it already is creating an invisible form to perform business logic, how do you think the form knew which account to look up? That’s easy: the form could access Globals.lngAcctNum and Globals.strAcctType. (Who doesn't love Hungarian notation?)
Code-reuse was a synonym for ctrl-c, ctrl-v. I found 200-line methods copy/pasted across 20 forms.
The application had a bizarre threading model, something I like to call the thread-and-timer model: each form that spawned a thread had a timer on it. Each thread that was spawned kicked off a timer which had a 200 ms delay; once the timer started, it would check to see if the thread had set some magic boolean, then it would abort the thread. The resulting ThreadAbortException was swallowed.
You'd think you'd only see this pattern once, but I found it in at least 10 different places.
Speaking of threads, the keyword "lock" never appeared in the application. Threads manipulated global state freely without taking a lock.
Every method in the application contained a try/catch block. Every exception was logged and swallowed.
Who needs to switch on enums when switching on strings is just as easy!

Some genius figured out that you can hook multiple form controls up to the same event handler. How did the programmer handle this?

private void OperationButton_Click(object sender, EventArgs e)
{
    Button btn = (Button)sender;
    if (blnModeIsAddMc)
    {
        AddMcOperationKeyPress(btn);
    }
    else
    {
        string strToBeAppendedLater = string.Empty;
        if (btn.Name != "btnBS")
        {
            UpdateText();
        }
        if (txtEdit.Text.Trim() != "Error")
        {
            SaveFormState();
        }
        switch (btn.Name)
        {
            case "btnC":
                ResetValues();
                break;
            case "btnCE":
                txtEdit.Text = "0";
                break;
            case "btnBS":
                if (!blnStartedNew)
                {
                    string EditText = txtEdit.Text.Substring(0, txtEdit.Text.Length - 1);
                    DisplayValue((EditText == string.Empty) ? "0" : EditText);
                }
                break;
            case "btnPercent":
                blnAfterOp = true;
                if (GetValueDecimal(txtEdit.Text, out decCurrValue))
                {
                    AddToTape(GetValueString(decCurrValue), (string)btn.Text, true, false);
                    decCurrValue = decResultValue * decCurrValue / intFormatFactor;
                    DisplayValue(GetValueString(decCurrValue));
                    AddToTape(GetValueString(decCurrValue), string.Empty, true, false);
                    strToBeAppendedLater = GetValueString(decResultValue).PadLeft(20)
                                                + strOpPressed.PadRight(3);
                    if (arrLstTapeHist.Count == 0)
                    {
                        arrLstTapeHist.Add(strToBeAppendedLater);
                    }
                    blnEqualOccurred = false;
                    blnStartedNew = true;
                }
                break;
            case "btnAdd":
            case "btnSubtract":
            case "btnMultiply":
            case "btnDivide":
                blnAfterOp = true;
                if (txtEdit.Text.Trim() == "Error")
                {
                    btnC.PerformClick();
                    return;
                }
                if (blnNumPressed || blnEqualOccurred)
                {
                    if (GetValueDecimal(txtEdit.Text, out decCurrValue))
                    {
                        if (Operation())
                        {
                            AddToTape(GetValueString(decCurrValue), (string)btn.Text, true, true);
                            DisplayValue(GetValueString(decResultValue));
                        }
                        else
                        {
                            AddToTape(GetValueString(decCurrValue), (string)btn.Text, true, true);
                            DisplayValue("Error");
                        }
                        strOpPressed = btn.Text;
                        blnEqualOccurred = false;
                        blnNumPressed = false;
                    }
                }
                else
                {
                    strOpPressed = btn.Text;
                    AddToTape(GetValueString(0), (string)btn.Text, false, false);
                }
                if (txtEdit.Text.Trim() == "Error")
                {
                    AddToTape("Error", string.Empty, true, true);
                    btnC.PerformClick();
                    txtEdit.Text = "Error";
                }
                break;
            case "btnEqual":
                blnAfterOp = false;
                if (strOpPressed != string.Empty || strPrevOp != string.Empty)
                {
                    if (GetValueDecimal(txtEdit.Text, out decCurrValue))
                    {
                        if (OperationEqual())
                        {
                            DisplayValue(GetValueString(decResultValue));
                        }
                        else
                        {
                            DisplayValue("Error");
                        }
                        if (!blnEqualOccurred)
                        {
                            strPrevOp = strOpPressed;
                            decHistValue = decCurrValue;
                            blnNumPressed = false;
                            blnEqualOccurred = true;
                        }
                        strOpPressed = string.Empty;
                    }
                }
                break;
            case "btnSign":
                GetValueDecimal(txtEdit.Text, out decCurrValue);
                DisplayValue(GetValueString(-1 * decCurrValue));
                break;
        }
    }
}

The same genius also discovered the glorious ternary operator. Here are some code samples:

frmTranHist.cs [line 812]:

strDrCr = chkCredits.Checked && chkDebits.Checked ? string.Empty
                    : chkDebits.Checked ? "D"
                        : chkCredits.Checked ? "C"
                            : "N";

frmTellTransHist.cs [line 961]:

if (strDefaultVals == strNowVals && (dsTranHist == null ? true : dsTranHist.Tables.Count == 0 ? true : dsTranHist.Tables[0].Rows.Count == 0 ? true : false))

frmMain.TellCash.cs [line 727]:

if (Validations(parPostMode == "ADD" ? true : false))

Here's a code snippet which demonstrates the typical misuse of the StringBuilder. Note how the programmer concats a string in a loop, then appends the resulting string to the StringBuilder:

private string CreateGridString()
{
    string strTemp = string.Empty;
    StringBuilder strBuild = new StringBuilder();
    foreach (DataGridViewRow dgrRow in dgvAcctHist.Rows)
    {
        strTemp = ((DataRowView)dgrRow.DataBoundItem)["Hst_chknum"].ToString().PadLeft(8, ' ');
        strTemp += "  ";
        strTemp += Convert.ToDateTime(((DataRowView)dgrRow.DataBoundItem)["Hst_trandt"]).ToString("MM/dd/yyyy");
        strTemp += "  ";
        strTemp += ((DataRowView)dgrRow.DataBoundItem)["Hst_DrAmount"].ToString().PadLeft(15, ' ');
        strTemp += "  ";
        strTemp += ((DataRowView)dgrRow.DataBoundItem)["Hst_CrAmount"].ToString().PadLeft(15, ' ');
        strTemp += "  ";
        strTemp += ((DataRowView)dgrRow.DataBoundItem)["Hst_trancd"].ToString().PadLeft(4, ' ');
        strTemp += "  ";
        strTemp += GetDescriptionString(((DataRowView)dgrRow.DataBoundItem)["Hst_desc"].ToString(), 30, 62);
        strBuild.AppendLine(strTemp);
    }
    strCreateGridString = strBuild.ToString();
    return strCreateGridString;//strBuild.ToString();
}

No primary keys, indexes, or foreign key constraints existed on tables, nearly all fields were of type varchar(50), and 100% of fields were nullable. Interestingly, bit fields were not used to store boolean data; instead a char(1) field was used, and the characters 'Y' and 'N' used to represent true and false respectively.

Speaking of the database, here's a representative example of a stored procedure:

ALTER PROCEDURE [dbo].[Get_TransHist]
 ( 
      @TellerID   int = null,
      @CashDrawer int = null,
      @AcctNum    bigint = null,
      @StartDate  datetime = null,
      @EndDate    datetime = null,
      @StartTranAmt     decimal(18,2) = null,
      @EndTranAmt decimal(18,2) = null,
      @TranCode   int = null,
      @TranType   int = null
 )
AS 
      declare @WhereCond Varchar(1000)
      declare @strQuery Varchar(2000)
      Set @WhereCond = ' '
      Set @strQuery = ' '
      If not @TellerID is null
            Set @WhereCond = @WhereCond + ' AND TT.TellerID = ' + Cast(@TellerID as varchar)
      If not @CashDrawer is null
            Set @WhereCond = @WhereCond + ' AND TT.CDId = ' + Cast(@CashDrawer as varchar)
      If not @AcctNum is null
            Set @WhereCond = @WhereCond + ' AND TT.AcctNbr = ' + Cast(@AcctNum as varchar)
      If not @StartDate is null
            Set @WhereCond = @WhereCond + ' AND Convert(varchar,TT.PostDate,121) >= ''' + Convert(varchar,@StartDate,121) + ''''
      If not @EndDate is null
            Set @WhereCond = @WhereCond + ' AND Convert(varchar,TT.PostDate,121) <= ''' + Convert(varchar,@EndDate,121) + ''''
      If not @TranCode is null
            Set @WhereCond = @WhereCond + ' AND TT.TranCode = ' + Cast(@TranCode as varchar)
      If not @EndTranAmt is null
            Set @WhereCond = @WhereCond + ' AND TT.TranAmt <= ' + Cast(@EndTranAmt as varchar)
      If not @StartTranAmt is null
            Set @WhereCond = @WhereCond + ' AND TT.TranAmt >= ' + Cast(@StartTranAmt  as varchar)
      If not (@TranType is null or @TranType = -1)
            Set @WhereCond = @WhereCond + ' AND TT.DocType = ' + Cast(@TranType as varchar)
      --Get the Teller Transaction Records according to the filters
      Set @strQuery = 'SELECT 
            TT.TranAmt as [Transaction Amount], 
            TT.TranCode as [Transaction Code],
            RTrim(LTrim(TT.TranDesc)) as [Transaction Description],
            TT.AcctNbr as [Account Number],
            TT.TranID as [Transaction Number],
            Convert(varchar,TT.ActivityDateTime,101) as [Activity Date],
            Convert(varchar,TT.EffDate,101) as [Effective Date],
            Convert(varchar,TT.PostDate,101) as [Post Date],
            Convert(varchar,TT.ActivityDateTime,108) as [Time],
            TT.BatchID,
            TT.ItemID,
            isnull(TT.DocumentID, 0) as DocumentID,
            TT.TellerName,
            TT.CDId,
            TT.ChkNbr,
            RTrim(LTrim(DT.DocTypeDescr)) as DocTypeDescr,
            (CASE WHEN TT.TranMode = ''F'' THEN ''Offline'' ELSE ''Online'' END) TranMode,
            DispensedYN
      FROM TellerTrans TT WITH (NOLOCK)
      LEFT OUTER JOIN DocumentTypes DT WITH (NOLOCK) on DocType = DocumentType
      WHERE IsNull(TT.DeletedYN, 0) = 0 ' + @WhereCond + ' Order By BatchId, TranID, ItemID'    
      Exec (@strQuery)

With all that said, the single biggest problem with this 130,000 line application this: no unit tests.

Yes, I have sent this story to TheDailyWTF, and then I quit my job.

您在生产企业环境中见过的最邪恶的代码是什么？

如果你对这篇内容有疑问，欢迎到本站社区发帖提问 参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

评论（30）

关于作者

相关话题

热门标签

推荐作者

1CH1MKgiKxn9p

ゞ记忆︶ㄣ

JackDx

信远

yaoduoduo1995

霞映澄塘

友情链接

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。